On Thu, Oct 22, 2020 at 1:30 AM Lawrence Kearney <[email protected]> wrote:
> Tory,
> Some of the directives specified seem unnecessary. For example since
> you're using a ldaps URI there's no need to implement TLS directives, and
> since the LDAP backend is AD many of the attribute mappings are likely
> unnecessary as well unless there's something we don't understand at play.
> Perhaps simplify the config first.
>
> I would try the following and test.
>
> # ldap_id_use_start_tls = true
> # ldap_service_port = 636
> ldap_tls_reqcert = allow
> ldap_force_upper_case_realm = true
> ldap_uri = ldaps://aadds.com
> ldap_search_base = dc=aadds,dc=com
> # ldap_user_object_class = posixAccount
> ldap_default_bind_dn = aadds\sssd
> ldap_default_authtok_type = password
> ldap_default_authtok = somearbitrarycrap
> ldap_tls_cacertdir = /etc/openldap/cacerts
>
>
> # Unix to AD attribute mapping
> ldap_schema = ad
> # ldap_schema = rfc2307
> # ldap_user_object_class = person
> # ldap_group_object_class = group
> # ldap_user_home_directory = unixHomeDirectory
>
> # ldap_user_modify_timestamp = whenChanged
> # ldap_user_principal = userPrincipalName
> # ldap_user_name = sAMAccountName
> # ldap_user_gecos = displayName
> # ldap_user_uid_number = uidNumber
> # ldap_user_gid_number = gidNumber
> # ldap_user_shell = loginShell
> # ldap_group_name = uniqueMember
>
> -- lawrence
>

Thanks Lawrence, so same results, but def means I didn't need as much stuff as I had in there. I'm still able to get into the LDAP server but not getting any results.

Not sure if this error is telling, or generic/normal?

(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x55791e6f7000
(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

Also, is this saying that it's not able to find the user and thus falls back to looking for the group, or is this a sign of an issue?

(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sysdb_search_by_name] (0x0400): No such entry
(Thu Oct 22 11:28:36 2020) [sssd[be[LDAP]]] [sysdb_cache_search_groups] (0x2000): Search groups with filter: (&(objectCategory=group)(ghost=[email protected]))

Thanks again
-Tory
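Added check, not part of the thread: a small linter for the security-relevant directives in the [domain/...] section quoted above. It reads sssd.conf with the standard library and flags ldap_tls_reqcert = allow (sssd then accepts a server certificate that fails validation, so the ldaps:// URI no longer authenticates the AD server), a missing trust anchor, a plain ldap:// URI without StartTLS, and a cleartext ldap_default_authtok (which is why sssd.conf must be root-only, mode 0600). The sample config is constructed from the thread's directives; the bind password and domain are placeholders.

```python
import configparser

# Constructed sample mirroring the directives quoted in the thread (placeholder values).
SAMPLE_CONF = """
[sssd]
domains = aadds.com
services = nss, pam

[domain/aadds.com]
id_provider = ldap
ldap_uri = ldaps://aadds.com
ldap_search_base = dc=aadds,dc=com
ldap_schema = ad
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = aadds\\sssd
ldap_default_authtok_type = password
ldap_default_authtok = somearbitrarycrap
"""


def lint_domain(section):
    """Return the security findings for one [domain/...] section of sssd.conf."""
    findings = []
    uri = section.get("ldap_uri", "").strip().lower()
    start_tls = section.getboolean("ldap_id_use_start_tls", fallback=False)
    if uri.startswith("ldaps://") or start_tls:
        # 'demand' is sssd's default and the only value that rejects an untrusted server cert.
        reqcert = section.get("ldap_tls_reqcert", "demand").strip().lower()
        if reqcert != "demand":
            findings.append(f"ldap_tls_reqcert = {reqcert}: server certificate is not verified")
        if not (section.get("ldap_tls_cacert") or section.get("ldap_tls_cacertdir")):
            findings.append("no ldap_tls_cacert/ldap_tls_cacertdir: no trust anchor for the server")
    elif uri.startswith("ldap://"):
        findings.append("ldap_uri is plain ldap:// and ldap_id_use_start_tls is off: bind password in clear")
    authtok_type = section.get("ldap_default_authtok_type", "password").strip().lower()
    if authtok_type == "password" and section.get("ldap_default_authtok"):
        findings.append("ldap_default_authtok is a cleartext password: keep sssd.conf root-owned, mode 0600")
    return findings


def lint_conf(text):
    """Parse sssd.conf text and return {domain_section_name: [findings]}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: lint_domain(parser[name])
            for name in parser.sections() if name.startswith("domain/")}


if __name__ == "__main__":
    for domain, findings in lint_conf(SAMPLE_CONF).items():
        print(domain)
        for finding in findings:
            print("  -", finding)
```

Run it against the real file with `lint_conf(open("/etc/sssd/sssd.conf").read())`; for the quoted config it reports the `allow` setting and the cleartext bind password, and nothing once ldap_tls_reqcert is back to demand and the authtok is obfuscated.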
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
